December 5, 2007 - In an effort to improve the security of sensitive health information, major organizations from across the healthcare and employer spectrum have united to participate in the development of the first common security framework for the protection of health information.
“Health and biomedical information technology holds the promise for quality improvement and cost containment, and that proposition is universally appealing, regardless of your role in the industry,” said Daniel Nutkis, CEO of the Health Information Trust Alliance (HITRUST), which is spearheading the development of the security framework. “Those groups participating in the framework development recognize that we will not achieve the full potential of information technology if we don’t first establish widespread confidence in the security of electronic information.”
Over the next year, HITRUST and the common security framework founding participants - CVS Caremark, Cisco Systems, Highmark Inc., Hospital Corp. of America, Humana, Johnson & Johnson, Philips Healthcare, and Pitney Bowes - will bring together a representative group of healthcare stakeholders across all segments of the industry. This group will develop a common security framework that will provide the industry with an actionable set of standardized practices. Also participating in the development of the common security framework is PricewaterhouseCoopers, a professional services firm currently engaged in the assessment and implementation of information security infrastructures.
“Although ‘privacy’ and ‘security’ are often used interchangeably, they are distinct, but interrelated, concepts,” said Kimberly Gray, chief privacy officer of Highmark Inc. “Health information privacy in the U.S. today focuses on keeping personal information confidential, and privacy policy is generally overseen by government and regulatory bodies. Security, on the other hand, is the means and mechanisms to protect privacy and must be capable of quickly adapting to changes in the technology and industry landscape and is best left to the private sector. HITRUST is singularly focused on the latter.”
“We recognize that a piecemeal approach to information security does not adequately support the information security infrastructure necessary to efficiently drive broad adoption of health and biomedical information technology,” said Paul Connelly, vice president and chief information security officer at Hospital Corp. of America. “If we all continue to go at security in our own ways, then at the end of the day we would be farther from, rather than closer to, appropriately protecting sensitive health information and garnering the efficiencies and benefits, and that is not an option.”
The Health Information Trust Alliance (HITRUST) is a private, independent company created to establish a common security framework that will allow for more effective and secure access, storage and exchange of personal health information. HITRUST is bringing together a broad array of healthcare organizations and stakeholders, who are united by the core belief that standardizing a higher level of security will build greater trust in the electronic flow of information through the healthcare system.
For more information: www.hitrustalliance.org, www.hitrustalliance.org